Why We Need Globally Standardized Cyber Laws

Why We Need Globally Standardized Cyber Laws

In its Global Risk Report 2019, the World Economic Forum (WEF) has placed cybercrime near the top of the list of global risks. Large-scale cyber-attacks or malware can cause “large economic damages, geopolitical tensions, or widespread loss of trust in the internet,” argues the WEF.

An alarming warning. The risks of cyber-attacks, as well as the damages caused, have become more severe in recent years. The reason is the rise of cyber dependency due to the increasing digital interconnection of people, things, and organizations. 

While hackers have proven they can even access highly secured government systems, the victims are mostly smaller entities, in particular, small and medium-sized enterprises (SMEs). SMEs often don’t have the expertise or the budget to invest in cybersecurity heavily. 

Once the damage is done, another challenge arises: There is little an SME can do to take legal action because international law has not kept up with cyber-criminals. There is no functioning global reporting framework. 

The challenge of factual and legal attribution

Cyber attacks are by their very nature, borderless, asymmetric, and fast-changing. A hacker could sit in Bolivia and attack security systems of U.S.-based companies. As there is no global reporting standard, the very first question after a cyber attack is: Whom am I going to ask for help?  

There are two challenges: Factual and legal attribution. The factual issue is that it is often difficult to identify the origin of a cyber attack. Criminals have become effective in masking their location and identity. The anonymity makes it hard for law enforcement agencies to determine who is responsible for a specific attack and in which jurisdiction this person or organization is located. 

The legal attribution problem arises because unless it is possible to locate an attacker, there are no legal bodies that can be addressed. While there are some supranational institutions concerned with cybercrime, in practice, there is little mutual legal assistance and trans-national policing capability to combat cybercrime on an international level effectively. 

Lack of international data sharing 

The lack of international cybersecurity frameworks also results in a lack of cross-border data sharing regarding security breaches. While regulators across the globe require companies to disclose incidents, too often these regulators share too little of the data with their international counterparts, if they share any data at all. 

However, sharing cyber breach data internationally is relevant for law enforcement to understand the frequency and types of incidents that occur on the industry, national, and regional levels. Such data would also enable organizations to compare and benchmark themselves and to prioritize their cybersecurity investments.

With the lack of an international framework, platforms like Export Portal have become paramount for international trade. At Export Portal, we prioritize security, transparency, cost-effectiveness, and ease-of-use. Our platform is based on the latest and most secure blockchain technology to secure all your transactions, data, and documentation. Register today, and join the safest international trade platform.